Android

The NSA generally undermines security rather than doing anything useful to help.

Now the NSA is taking a stand against malware in a pretty significant way, it would seem: they are going to release a helpful tool for free, for a change.

On March 5th, the agency plans to release a free reverse engineering tool, GHIDRA. The software reportedly dissects binaries for Android, iOS, macOS and Windows, turning them into assembly code that can help analyze malware or pinpoint questionable activity in otherwise innocent-looking software.

GHIDRA entered the spotlight with the Vault 7 leak, so it’s neither a secret nor really new; it is unusual, however, for the NSA to release it.

Other similar tools do exist, but they are terribly expensive.

This does leave some wondering what the NSA’s true motives are, given its prior history and its part in the Zero Days worldwide malware release.

My dad used to make fun of me for shelling out the extra money for Apple anything, and while iPhones are not 100% malware or hacker proof, they are still the safest bet in town.

Reports are circling around town today about a fairly new piece of malware affecting Android phones. The malware is a cryptocurrency miner that happens to be so aggressive in nature that it can actually cause physical damage to an Android phone.

Once your phone is infected the malware carries out quite a few malicious activities behind the scene such as but certainly not limited to:

Unending ads

Actually participating in DDoS attacks

Sending text messages to any number

Silently subscribing to paid services

And of course

Mining cryptocurrency

The malware is hidden ever so conveniently inside apps that are distributed through third-party markets, browser ads, and SMS-based spam. The malware is called Trojan.AndroidOS.Loapi but has been nicknamed “jack of all trades” by researchers at Kaspersky Lab.

After just two days of testing the malware in a lab, researchers found that running all of its dirty little deeds continuously caused the phone’s battery to swell so much that the cover became deformed.

Of course, the mining is not the only issue, and neither is the swelling battery one might encounter.

The malware also sends a number of prompts asking users to help it obtain admin permissions; once granted those highly sought-after permissions, the malware makes it pretty difficult to install security apps on the infected device that would otherwise “disinfect” it.

It will subscribe the device to costly premium services pretty much all day long, sending confirmation codes by SMS on its own, and whoever is on the other end of the attack can use the infected phones as part of DDoS attacks.

Lastly, it displays a constant stream of ads that annoy users to no end.

Researchers have never seen anything like this before and are unsure of its origins.

The good news is that no one seems to think that users are downloading it from Google Play.

Researchers from Kaspersky Lab have discovered at least 2 Android trojans that steal financial information and login credentials and that now, just in time for the holidays, double as file-encrypting ransomware programs.

Faketoken, one of the programs, had as its primary function generating fake login screens for more than 2,000 financial applications in order to steal login credentials, with the added bonus of displaying phishing pages to steal credit card information and reading and sending text messages; it has now added a new and improved bonus feature.

Back in July, the creators of Faketoken added the ability to encrypt user files stored on the phone’s SD card, and they have since released thousands of builds with the very same functionality.

According to researchers at Kaspersky Lab, “Once the relevant command is received, the Trojan compiles a list of files located on the device corresponding to the given list of 89 extensions and encrypts them.”

Faketoken is disguised to look like many popular apps and games; once installed, it creates repeated prompts that bug the user to grant the permissions it needs.

Tordow 2.0, available through third-party app stores and again disguised as a popular app, contains a pack of exploits that it uses to gain root privileges on infected devices.

So far Faketoken has managed to infect devices in 27 countries, most of them in Germany, Ukraine, Thailand, and Russia.

It is only a matter of time before the rest of the world starts to see these types of mobile banking trojans that are complete with ransomware.

File-encrypting ransomware has never really been popular on mobile devices until now, because generally everything on a mobile device is backed up to the cloud.

With hackers becoming more and more daring, creative and clever, you can be sure these types of mobile banking ransomware trojans will be heading to an app near you in the near future.

Banks are going to need to do more in terms of informing customers of when and why mobile apps are updated, but more importantly, mobile apps on the app stores need to be checked and managed a lot better than they are today.

Users are the ultimate enabler regardless of banks and the app stores.

I cannot tell you how many times users at my current job and my past jobs have brought me a laptop, MacBook, Android phone, iPhone, iPad or tablet that has some type of app installed that is causing them a headache.

10 times out of 10, when I ask the user if they checked the apps they installed before installing them, the answer is always no, after I am given the glazed-over, blank, deer-in-headlights look.

It is only a matter of time before these types of mobile ransomware trojans become more and more popular as users ditch desktops and opt for more mobile friendly ways to function through everyday life.